Configure Knox Gateway for
DataPlane

DP Platform communicates with services on the cluster like DP Agents, Ambari, Atlas,
Ranger, etc as well as DP Agents used by DP Apps (for example: DLM Engine for DLM and Profiler
for DSS). To eliminate DataPlane communicating directly to all the cluster service endpoints,
you can configure Knox Gateway as a proxy to your cluster services.

Important

If you are using TLS wire encryption on your clusters, you must configure Knox
Gateway to proxy requests to and from DP host.

This topic provides an overview of how to configure Knox Gateway proxy in your cluster
services for DataPlane communication. If you configure Knox Gateway as the proxy for
communication, be sure all DP services are configured through the gateway. Refer to the
Hortonworks Data Platform or Hortonworks DataFlow documentation for details that might be
applicable to your specific cluster configuration and setup.

Knox host FQDN must be DNS addressable and available from your DataPlane environment. If
not, the Knox IP address must be in the /etc/hosts file on the DP
environment. Refer to the DataPlane Administration guide for details on how to
add Knox to the DataPlane environment hosts.

On your cluster Knox host, navigate to the Knox topologies directory.

cd /etc/knox/conf/topologies

Create a DataPlane proxy topology file.

vi dp-proxy.xml

Add the host name for each of the services listed in the file, based on where that
service is running in your cluster.

Tip

At this point, you can add to the file the DP service agents that
you plan to install, or you can add them later.

Important

Do not modify the URL in the provider section of the file.

Be sure to keep this file updated if you move services or add services in
your cluster.

The <localhost> entry in the following example might be something like
ctr-exxxx-xxx-xxx.company.site:20070.